Posts Tagged ‘smart home’

A page in The Costco Connection for January 2018 is devoted to “some of the smart tech you may want to invest in over the coming months.” The image above suggests 10 different smart technologies – lighting, windows, temperature, door locks, etc.

Note that I said “Costco.” This wasn’t Wired or Popular Science, which you might expect to have articles about the very latest in high-tech gadgetry. No, we’re talking mainstream.

Smart homes – Respond to voice or touch commands to adjust air and water temperature, lights, locks and cameras; “learn” family habits and schedules; report on current traffic conditions along your route to work; read and adjust solar panels; start the laundry.

The IoT — a mind-boggling composite of convenience and just plain cool stuff!

With one little problem: security.

Here it is reflected in one sentence from ISO Online, in an article about DEF CON 2017:

“At the IoT Village, hackers found 47 new vulnerabilities in 23 IoT devices.”

Whoops!

Even if you don’t understand exactly where the threats lie, you can probably recognize just how these vulnerabilities come about.

Like every other product, IoT products are hurried to market to beat the competition. (Think Apple.) They don’t have time to spend on developing sophisticated layers of security that interact with every other device’s layers of security.

Device manufacturers may be as interested in selling information about you and how you use the product as in selling the product in the first place. So, they conveniently overlook certain aspects of security. (Remember the TVs that were capturing info about their viewers’ choices? And the “Talking Barbies” that stored and transmitted what the children said to their dolls?)

Many IoT products are complex, combining software, hardware and services often provided by more than one supplier. Not infrequently, one or more of the suppliers sells out or even goes out of business somewhere along the line. A broken link in the chain is a hacker’s opportunity.

And IoT users – that is, us consumers – are not following smart security practices!

Now last month our Advisory reviewed home and business security systems – all of which were internet connected — and in doing that research I read many, many advertisements and reviews. Not one had anything to say about security. The Costco article didn’t mention security either!

But when I dug into broader background on the Internet of Things, I got a whole load of warnings.

So, in our ongoing effort to improve awareness and understanding about all areas of preparedness, here are . . .

Seven recommendations for your personal IoT devices as of January 2018.

1-Enable security features on all smart devices.Not sure if there ARE security features? If the device connects to your home network, there better be usernames and passwords that you can change from the default! In fact, the instructions should remind you to make those changes. Remember that default usernames and password combinations are published online and thus easily available to hackers.

2-Use strong passwords.Are your children using the devices? Don’t give them an easy password so they can operate the thing. A simple password makes it easier for every hacker to break into the device!

3-Check for and reconnect or remove dead devices.Some IoT devices are treated by the family or employees as toys, and after a while they lose interest in them. These neglected devices are precisely the ones that may provide an opening for a hacker. Take a regular inventory and clean up your IoT.

4-Schedule battery replacement.Many of these devices operate using battery power. Batteries die – and when they do, you could cause a security risk. (Door lock won’t open? Fire alarm won’t go off?) Check all devices regularly until you know just how long their batteries will last, and then build a schedule for ongoing maintenance – with dates and numbers and types of batteries required.

5-Update firmware (operating systems) and apps.If you find the updates on your phone or computer to be a nuisance, imagine having an entire collection of devices with apps that need updating! But it’s through updates that holes are stopped up and vulnerabilities are fixed. Watch for updates and apply them. (Not sure exactly how you’ll be notified of updates? Find out, so you don’t miss out.)

6-Be sure updates and/or network communications are encrypted.You don’t want strangers listening in on your baby monitor, measuring your blood pressure or noting the hours when the house is empty! If your smart device sends unencrypted info across your home network and the internet, you are vulnerable.

7-Are any ports left open?Some devices – particularly hubs or routers – need open ports to allow connections to the internet. The more ports that are open, the more vulnerable you may be to hackers. By and large, your firewall software will allow or block connections based on the profile you’ve set up. If you haven’t set up firewall software, do it. (If you aren’t sure how to find out about the status of your ports, you can get additional software to check on them.)

A next step for non-tekkies.

If you’re interested in getting a lot more familiar with IoT and IoT Security, plan on either spending a lot more time online or spending some money on one or more of the books available via Amazon or other book stores. Most of these books seem to be directed to IT professionals and have professional prices.

However, I did find this inexpensive book that looks intriguing for ordinary consumers. In it, the author turns the IoT from focusing on the THINGS (as we have done in this Advisory) to focusing on how the CONNECTIONS are going to empower people and businesses. His case studies make it clear how this can happen.

(FYI, according to the back of the book cover, the author was born in 1981. He got his first computer at age 7, wrote his first software application at 9, and has built and sold “several” technology businesses since he was 18. That gives me a comfortable feeling about his level of expertise!)

This Emergency Plan Guide Advisory is aimed at households. Naturally, much of it also applies to the business world, or at least to the small business world. Earlier in 2017 we drafted an Advisory and a checklist/questionnaire on Cyber Security for Business. If you overlooked them, you may want to check them out again. We’ll be updating this info regularly, but don’t wait for the update!

In the meanwhile, pay attention to your Things and don’t let them get you into trouble!

Virginia
Your Emergency Plan Guide Team

P.S. This is the kind of information that everyone should be aware of. Please forward this Advisory to friends and family and share with your neighborhood group. If just a few people take a few actions they will be safer than they were before.

P.P.S. What really got my attention from the DEF CON article was the report of a wheelchair being hacked . . .!